SQS Group Limited Managing Code Quality and Delivery in the 21st Century Application Intelligence Sebastian Paczynski

Upload: brendan-armstrong

Post on 22-Dec-2015


SQS Group Limited

Managing Code Quality and Delivery in the 21st Century

Application Intelligence

Sebastian Paczynski

© SQS Group Ltd. | AI | January 2009

Management Challenges in Delivering Quality Code

Improve the Quality of Code and Ensure Delivery

Assess Code Maintainability

Compare Code Quality

Avoid Legal License Pitfalls

But what about meeting deadlines?

The Department of Commerce's National Institute of Standards and Technology (NIST) estimates that software bugs cost the U.S. economy nearly $60 billion annually and that improved testing could eliminate more than one-third of software failures. The report explained that almost 80% of development costs entail identifying and correcting defects.

Improving software code quality will help meet deadlines and deliver high quality software that meets the client's needs

Improve the Quality of Code

To improve any process we need to know where we are and where we want to be. To get from point A to point B we need to know where they are

How can we identify where we are?

Need a defined process that is repeatable and cost effective

Code reviews are useful but costly, and not free of emotion

Need to continually assess software quality to assess progress of improvements (compare code quality)

Where should we be?

There is no “perfect world scenario”. Money and time are limiting factors, but what is “good enough”?

How are our competitors doing?

What can we do to ensure that potential issues are found early during development as opposed to during testing (or production) when it may be too late for major changes to be implemented?

How can we ensure that development teams or vendors adhere to a certain level of quality?

Why Should We Improve the Quality of Code

The average developer makes ± 125 errors for every thousand lines of code written

Even if only 10% of these errors are serious, this equates to about 250 major coding errors in an application of 20,000 lines of code, which is a relatively small system, especially in the enterprise environment

Issues found early in the development lifecycle are significantly cheaper to fix compared to when found late in the development lifecycle

Improving quality ensures that developers are free to get on with the task as opposed to wasting time on fault finding and fixing

Poor architecture can cause many quality problems including but not limited to:

Fragility

Lack of scalability (Code Maintainability)

Resistance to modification (Code Maintainability)

Software developers must be aware of the architecture and the relationships which exist between classes and/or libraries and ensure that local changes do not have adverse effects elsewhere

What can we do?

Software Requirements Validation

Validate requirements to ensure that they are correct, unambiguous, complete and verifiable

Software Architecture Verification

Verifies that the code written adheres to the technical architecture design

Software Architecture Evaluation

CMMI of IT Architectures

Based on the Architecture Trade-off Analysis Method (ATAM) of the Software Engineering Institute

Established and tested procedure

Reliable results as decision basis

Consideration of technical and functional aspects

Examines the architecture of an application regarding strategic goals such as growth, future interoperability etc.

Code Quality Management

Static & Dynamic Code Analysis to find programming errors

Utilise agreed quality criteria so that the process is easily repeatable – gauge quality over time

Helps define clear quality gates between each phase in the SDLC

Assess Code Maintainability

Why should we worry about code maintainability? There is a project to be delivered

Research shows around 67% of the total cost of ownership over the application’s life cycle is the maintainability of code

[Chart. Phases: Analysis, Specification, Design, Implementation, Test, Maintenance. Values: 3%, 3%, 5%, 7%, 15%, 67%.]

Assess Code Maintainability continued

Application needs to be able to evolve and be upgraded in a cost effective manner as the business needs outgrow the initial requirements

How complex is my code?

Code Quality Management Review will help to assess the maintainability of code in terms of the following:

Readability

Ease of maintenance, debugging, fixing, modification and portability

Complexity rating

Software Architecture Verification - Helps to ensure that code has followed the design and allows for easier maintenance in the future, since the product follows the documentation

Software Architecture Evaluation - Helps to ensure that the solution is in line with the organisation’s strategic goals and will meet future demands

Compare Code & Design Quality

How do we select the right vendor partner?

How can we be sure that the vendor partner uses industry best practices and has experienced developers?

How effective is our offshore development team?

How can we compare the code produced by onshore and offshore teams?

What is the real cost of moving to offshore?

How do we perform against our competitors?

How do we recognise the “stars” in our team?

What about teams that use different platforms and/or different languages?

Need a method to compare code quality that is objective, repeatable and free from emotion

Need standardised criteria

Compare Code & Design Quality continued

AI can help to gauge the intrinsic quality of code and design deliverables, enabling management to make informed decisions and compare different code bases even if they have been written in different programming languages

Compare vendors by evaluating previously written code and the associated designs

Compare different teams

Identify and recognise “stars” in the programming team in a repeatable and objective manner

Help to provide incentives for good quality practices throughout the project team

Legal License Pitfalls

Open Source Software is of a high quality and is “free”

Or is it?

Gartner: In 2011, 80% of the Global 2000 Companies will use Open Source Software (OSS) in their business critical applications

The commercial usage of Open Source is bound to license conditions that potentially involve disclosure of your source code

Software vendors are stepping up efforts to identify, audit and prosecute organizations that are not compliant with their software licensing agreements

A 2006 survey conducted by Gartner Research revealed that 35% of companies had experienced an on-site software audit from a major software vendor

How much Open Source or Commercial Software are we using?

Where is it from?

What are the legal implications?

How do we find it?

Static code analysis tools (License compliance management) can help to answer these questions and uncover hidden legal risks

Silver Bullet?

However, this isn’t a silver bullet

The need for black box testing of functionality cannot be overlooked

Hybrid / grey testing

Code Quality Management and validation of software deliverables is being adopted particularly in Europe and US

UK?

Thank you for your attention

SQS Group Limited

7-11 Moorgate | London, EC2R 6AF, United Kingdom

Phone: +44 (0) 20 7448 4620

Fax: +44 (0) 20 7448 4651

E-Mail: [email protected]

www.sqs-uk.com